Suchen und Finden
Service
Health-Care Telematics in Germany - Design and Application of a Security Analysis Method
Ali Sunyaev
Verlag Gabler Verlag, 2011
ISBN 9783834965196 , 271 Seiten
Format PDF, OL
Kopierschutz Wasserzeichen
Foreword
6
Abstract
8
Contents
9
List of Figures
16
List of Tables
18
1 Introduction
20
1.1 Motivation
22
1.2 Objectives of the Thesis
25
1.3 Research Methodology
28
1.3.1 Design Science
29
1.3.2 Research Design
30
1.3.3 Design Theory
32
1.3.4 Theoretical Contribution and Research Outcome
33
1.4 Practical Implications, Users, and Beneficiaries
34
2 Healthcare Telematics in Germany with Respect to Security Issues
36
2.1 German Healthcare
36
2.1.1 Structure of German Healthcare
37
2.1.2 Characteristics of the German Healthcare Sector
38
2.1.2.1 Information Exchange and Distributed Information Flows in German HealthcareSystem
38
2.1.2.2 Current Problems
39
2.1.2.3 Specifics of the German Healthcare Domain
40
2.2 Information Systems in Healthcare
41
2.2.1 Seamless Healthcare
43
2.2.2 Interoperability, Standards and Standardization Approaches in Healthcare
43
2.2.2.1 Communication Standards
46
2.2.2.2 Documentations Standards and Standardization Approaches
50
2.2.3 Healthcare IS Architecture Types
52
2.2.3.1 Monolithic System
53
2.2.3.2 Heterogeneous System
54
2.2.3.3 Service-Oriented IS Architecture
54
2.2.4 Implications for Security Issues of Healthcare Information Systems
55
2.3 Healthcare Telematics
58
2.3.1 Definitions and Objectives of Healthcare Telematics
58
2.3.2 German Healthcare Telematics
61
2.3.2.1 Healthcare Telematics Infrastructure
61
2.3.2.2 Electronic Health Card
63
2.3.3 Risk and Security Issues of Healthcare Telematics
65
2.4 Summary
71
3 Catalogue of IS Healthcare Security Characteristics
72
3.1 Legal Framework
73
3.1.1 Privacy
73
3.1.2 Legal Requirements
74
3.2 Protection Goals
75
3.2.1 Dependable Healthcare Information Systems
76
3.2.2 Controllability of Healthcare Information Systems
78
3.3 Characteristics of IS Security Approaches with Respect to Healthcare
81
3.3.1 Literature Review
83
3.3.2 Overview of Healthcare IS Security Approach Characteristics
85
3.3.2.1 General IS Security Approach Characteristics
85
3.3.2.2 General IS Security Approach Characteristics with Reference to Healthcare
86
3.4 Summary
100
4 Analysis of IS Security Analysis Approaches
102
4.1 Overview
102
4.2 Review of Literature
103
4.3 Existing Literature Reviews
106
4.4 Theoretical Background
110
4.5 Systematization of IS Security Analysis Approaches
112
4.5.1 Checklists
114
4.5.2 Assessment Approaches
115
4.5.2.1 Risk Assessment Approaches
115
4.5.2.2 Security Control Assessment Approaches
117
4.5.3 Risk Analysis Approaches
120
4.5.4 IT Security Management Approaches
121
4.5.4.1 The Plan-Do-Check-Act Approach of ISO 27001
123
4.5.4.2 Best Practice Models
124
4.5.5 Legislation Accommodations
125
4.6 Analysis of IS Security Analysis Approaches with Respect to Healthcare
127
4.6.1 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics
129
4.6.2 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics with Reference to Healthcare
130
4.6.3 Examination of IS Security Approaches with Respect to Healthcare Specific IS Security Approach Characteristics
132
4.7 Summary
133
5 Designing a Security Analysis Method for Healthcare Telematics in Germany
135
5.1 Introduction
135
5.2 Research Approach
136
5.3 Method Engineering
138
5.4 Description of Method Elements
139
5.4.1 Method Chains and Alliances
139
5.4.2 Method Fragments
140
5.4.3 Method Chunks
144
5.4.4 Method Components
144
5.4.5 Theoretical Background
145
5.5 Formal Description of the Concept of Method Engineering
146
5.6 HatSec Security Analysis Method
150
5.6.1 From Plan-Do-Check-Act Approach to a IS Security Analysis Method for Healthcare Telematics
151
5.6.2 Design of the HatSec Security Analysis Method
152
5.6.2.1 Method Blocks and Method Fragments
154
5.6.2.2 Overview of the Building Blocks of the HatSec Method
155
5.6.2.3 Perspectives of the HatSec Method
156
5.6.2.4 Context and Preparation of the Security Analysis
157
5.6.2.5 Security Analysis Process
161
5.6.2.6 Security Analysis Product
166
5.6.2.7 Two Sides of the HatSec Method
170
5.6.2.8 HatSec Structure
172
5.7 Review of the HatSec Security Analysis Method
179
5.8 Summary
183
6 Practical Application of the HatSec Method
185
6.1 Selected Case Studies
186
6.2.1 Overview
188
6.2.2 Identification and Classification of the Attackers
189
6.2.3 Identification and Classification of the Attack Types
191
6.2.4 Summary
193
6.2 Assessment and Classification of Threats around the Electronic Health Card
187
6.2.1 Overview
188
6.2.4 Summary
193
6.3 Analysis of the Applications of the Electronic Health Card
194
6.4 Analysis of a Proposed Solution for Managing Health Professional Cards in Hospitals Using a Single Sign-On Central Architecture
205
6.4.1 Overview
206
6.4.2 Induced Process Changes
207
6.4.2.1 General Changes
207
6.4.2.2 Discharge Letter Process
208
6.4.3 Existing Approaches for Managing Smart Cards in Hospitals
209
6.4.3.1 The Decentralized Approach
209
6.4.3.2 The VerSA Approach
209
6.4.3.3 Disadvantages
210
6.4.4 The Clinic Card Approach
210
6.4.4.1 Technical Architecture
211
6.4.4.2 Smart Card Management Unit
212
6.4.4.3 The Clinic Card and Card Middleware
212
6.4.4.4 Connector
213
6.4.4.5 Remote Access
213
6.4.4.6 Unique Characteristics of the Central Approach
214
6.4.4.7 Discharge Letter Process
215
6.4.5 Comparison of the Presented Approaches
216
6.4.5.1 Evaluation Framework
216
6.4.5.2 Hardware Requirements and Integration
216
6.4.5.3 Session Management
217
6.4.5.4 Usability
217
6.4.5.5 Further Value-Adding Aspects
218
6.4.6 Summary
218
6.5 Security Analysis of the German Electronic Health Card’s Components on a Theoretical Level
219
6.5.1 Overview
219
6.5.2 Components and Documents Considered in this Security Analysis
220
6.5.2.1 Security Analysis of the Electronic Health Card’s Components
221
6.5.2.2 Analysis of the Connector
223
6.5.2.3 Analysis of the Primary System
226
6.5.2.4 Additional Deficiencies Found During this Security Analysis
227
6.5.3 Attack-Tree Analysis
230
6.5.4 Summary
230
6.6 Security Analysis of the German Electronic Health Card’s Peripheral Parts in Practice
231
6.6.1 Overview
233
6.6.2 Laboratory’s / Physician’s Practice Configuration
233
6.6.3 Network Traffic Analyzes and its Consequences
235
6.6.4 Attacking the German Electronic Health Card
236
6.6.4.1 Permanent-Card-Ejection
238
6.6.4.2 Fill or Delete Prescriptions
238
6.6.4.3 Block a Card’s PIN
239
6.6.4.4 Destroy a Card
240
6.6.4.5 Spy Personal Information
240
6.6.5 Summary
242
6.7 Case Studies: Lessons Learned
243
7 Appraisal of Results
245
7.1 Overview
245
7.2 Progress of Cognition
247
7.3 Design Proposals for Healthcare Telematics
248
Bibliography
251
Appendix
287